Pests of all kinds and how to fight them: Suspected infection with an encryption trojan (Windows 7)
28.07.2012, 19:14 | #1
Suspected infection with an encryption trojan

Hello dear community,

my acquaintance's notebook was probably compromised by an encryption trojan. I have already sent in the associated e-mail with its attachment. My scans with Avira, Norton 360 and Malwarebytes no longer return any findings. Perhaps a subsequent full scan removed the traces ...

The question is how, or with which tool, the encrypted files could be restored? Many files simply have cryptic names, e.g. "qANOaponsGDeONdfnovu"; for others the name is correct, but the files cannot be opened with a wide variety of programs, which only produce error messages. This happens, for example, with Word 2003, Excel 2003 and PowerPoint 2003, but images or videos also will not open in various programs.

Surely you can tell from the e-mail which pest struck and what can be done about it?

Many thanks in advance for your efforts!

Jörn

The OTL log:
ATTFilter OTL logfile created on: 29.07.2012 07:23:07 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 64,27% Memory free 3,81 Gb Paging File | 3,14 Gb Available in Paging File | 82,47% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 158,17 Gb Free Space | 67,92% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.29 07:22:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2012.04.04 14:06:00 | 001,001,472 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpBudgetGui.exe PRC - [2012.04.04 10:12:30 | 001,298,512 | ---- | M] (NCP Engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.08.22 14:48:22 | 000,883,792 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe PRC - [2011.07.27 14:12:56 | 000,139,344 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpclcfg.exe PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.04.21 08:11:36 | 000,119,808 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPSEC.EXE PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009.10.01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe PRC - [2009.10.01 21:32:04 | 002,596,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe PRC - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe PRC - [2008.09.09 03:42:26 | 000,135,168 | ---- | M] (Citrix Systems, Inc) -- C:\Programme\Citrix\Secure Access Client\nsverctl.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.07.26 14:57:02 | 000,192,512 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2006.07.21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\SOUNDMAN.EXE ========== Modules (No Company Name) ========== MOD - [2012.03.07 14:59:48 | 000,098,304 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPMIF32.DLL MOD - [2011.12.22 16:28:30 | 001,724,416 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpgacc.dll MOD - [2011.12.01 12:55:40 | 000,195,072 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPDLG.DLL MOD - [2011.10.12 16:43:20 | 000,148,992 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpBudget2008.dll MOD - [2011.08.19 13:24:12 | 000,964,608 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\rsussl.dll MOD - [2011.04.21 08:11:36 | 000,119,808 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPSEC.EXE MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2002.09.04 16:27:06 | 000,102,400 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpCry.DLL MOD - [2002.06.28 11:16:42 | 000,151,552 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPCFG.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.04.04 10:12:30 | 001,298,512 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe -- (ncprwsnt) SRV - [2011.08.22 14:48:22 | 000,883,792 | ---- | M] (NCP engineering GmbH) [Auto | Stopped] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe -- (rwsrsu) SRV - [2011.07.27 14:12:56 | 000,139,344 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpclcfg.exe -- (ncpclcfg) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft 
Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.21 08:11:36 | 000,119,808 | ---- | M] () [Auto | Running] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPSEC.EXE -- (NcpSec) SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.10.01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2009.09.21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service) SRV - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService) SRV - [2008.09.09 03:42:26 | 000,135,168 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Programme\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl) SRV - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) 
[On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.06.14 20:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120727.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012.05.31 04:40:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.05.31 04:40:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.05.16 01:48:15 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120728.009\NAVEX15.SYS -- (NAVEX15) DRV - [2012.05.16 01:48:14 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120728.009\NAVENG.SYS -- (NAVENG) DRV - [2012.04.03 11:50:40 | 000,086,768 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (ncpvaxp) DRV - [2012.04.03 11:50:40 | 000,086,768 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFiltMP) DRV - [2012.04.03 11:50:40 | 000,086,768 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFilt) DRV - [2011.10.27 18:07:55 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011.04.21 03:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI) DRV - [2011.03.31 05:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP) DRV - [2011.03.31 05:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX) DRV - [2011.03.15 04:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA) DRV - [2011.01.27 08:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS) DRV - [2011.01.27 07:07:05 | 
000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON) DRV - [2009.10.01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2009.09.21 20:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount) DRV - [2009.09.21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap) DRV - [2008.09.09 03:43:14 | 000,048,280 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM) DRV - [2008.04.28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) DRV - [2008.04.13 23:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB) DRV - [2008.04.11 17:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.26 18:37:26 | 004,713,472 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008.03.25 16:24:22 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008.01.03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{70342950-0837-48E9-A7E7-15122D10E11A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F0FD1B99-89F3-45A1-89D4-DFAF1735CC45&apn_sauid=9FD0EA40-82CF-412C-B236-014CC2535A07& IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.11 18:52:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_10_1 [2012.07.27 18:47:28 | 000,000,000 | ---D | M] O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) 
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe File not found O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpMonitor] C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpmon.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpPopup] C:\Programme\LANCOM-Systems\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpRsuGui] C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe (NCP engineering GmbH) O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\WButton.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Citrix Access Gateway.lnk = C:\Programme\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - c:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft 
Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.24 20:56:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9eac8576-2a27-11e0-9f85-00215d2d3544}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 07:22:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.07.28 19:45:18 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2012.07.28 19:45:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2012.07.28 19:08:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.07.27 19:43:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.07.27 19:43:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.07.27 19:43:21 | 
000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.07.27 19:43:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.07.27 19:43:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.07.27 18:59:23 | 000,000,000 | ---D | C] -- C:\N360_RESTORE [2012.07.26 19:50:27 | 000,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll [2012.07.26 19:50:24 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll [2012.07.26 19:50:13 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe [2012.07.26 19:50:10 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys [2012.07.26 19:49:47 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys [2012.07.26 19:49:44 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys [2012.07.26 19:49:36 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys [2012.07.26 19:49:19 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys [2012.07.26 19:49:06 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys [2012.07.26 19:49:03 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys [2012.07.26 19:49:00 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys [2012.07.26 19:48:55 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys [2012.07.26 19:48:52 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys [2012.07.26 19:48:49 | 000,604,253 | ---- | C] (PCTEL, INC.) 
-- C:\WINDOWS\System32\dllcache\vmodem.sys [2012.07.26 19:48:45 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys [2012.07.26 19:48:32 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys [2012.07.26 19:48:20 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys [2012.07.26 19:48:17 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys [2012.07.26 19:48:14 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys [2012.07.26 19:48:09 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys [2012.07.26 19:47:53 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll [2012.07.26 19:47:41 | 000,212,480 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll [2012.07.26 19:47:38 | 000,216,576 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll [2012.07.26 19:47:28 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys [2012.07.26 19:47:26 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll [2012.07.26 19:47:23 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys [2012.07.26 19:47:20 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll [2012.07.26 19:47:17 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys [2012.07.26 19:47:14 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll [2012.07.26 19:46:52 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys [2012.07.26 19:46:48 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) 
-- C:\WINDOWS\System32\dllcache\tgiulnt5.sys [2012.07.26 19:46:45 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll [2012.07.26 19:46:44 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys [2012.07.26 19:46:40 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys [2012.07.26 19:46:38 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys [2012.07.26 19:46:27 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys [2012.07.26 19:46:24 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll [2012.07.26 19:45:58 | 000,159,744 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll [2012.07.26 19:45:56 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll [2012.07.26 19:45:53 | 000,287,232 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys [2012.07.26 19:45:50 | 000,017,152 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys [2012.07.26 19:45:45 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys [2012.07.26 19:45:07 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys [2012.07.26 19:45:03 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll [2012.07.26 19:45:01 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys [2012.07.26 19:44:58 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys [2012.07.26 19:44:56 | 000,024,576 | ---- | C] (SMC Networks, Inc.) 
-- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012.07.26 19:44:33 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012.07.26 19:44:31 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012.07.26 19:44:28 | 000,095,178 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012.07.26 19:44:22 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012.07.26 19:43:59 | 000,161,888 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012.07.26 19:43:56 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012.07.26 19:43:54 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012.07.26 19:43:51 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012.07.26 19:43:31 | 000,017,792 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012.07.26 19:43:25 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012.07.26 19:43:23 | 000,024,192 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012.07.26 19:43:11 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012.07.26 19:43:08 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012.07.26 19:43:06 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012.07.26 19:43:03 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012.07.26 19:43:01 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012.07.26 19:42:58 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012.07.26 19:42:56 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012.07.26 19:42:53 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012.07.26 19:42:51 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012.07.26 19:42:46 | 000,083,968 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012.07.26 19:42:43 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012.07.26 19:42:42 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012.07.26 19:42:41 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012.07.26 19:42:30 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012.07.26 19:42:26 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012.07.26 19:42:22 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012.07.26 19:42:06 | 000,715,242 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012.07.26 19:42:03 | 000,899,658 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012.07.26 19:41:50 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012.07.26 19:41:48 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012.07.26 19:41:46 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012.07.26 19:41:37 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012.07.26 19:41:02 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012.07.26 19:40:52 | 000,029,502 | ---- | C] (Marconi Communications, Inc.)
-- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012.07.26 19:40:52 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012.07.26 19:40:49 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012.07.26 19:40:18 | 000,054,730 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012.07.26 19:40:13 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012.07.26 19:40:10 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012.07.26 19:39:52 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012.07.26 19:39:41 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012.07.26 19:39:39 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012.07.26 19:39:34 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012.07.26 19:39:26 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012.07.26 19:39:24 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012.07.26 19:39:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012.07.26 19:39:14 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012.07.26 19:39:12 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012.07.26 19:39:10 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012.07.26 19:39:07 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012.07.26 19:39:05 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012.07.26 19:38:58 | 000,076,288 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012.07.26 19:38:56 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012.07.26 19:38:54 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012.07.26 19:38:51 | 000,020,480 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012.07.26 19:38:49 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012.07.26 19:37:37 | 000,164,970 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012.07.26 19:37:20 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012.07.26 19:37:18 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012.07.26 19:37:17 | 000,422,016 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012.07.26 19:37:15 | 000,607,196 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012.07.26 19:37:15 | 000,577,226 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012.07.26 19:37:12 | 000,728,298 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012.07.26 19:37:06 | 000,070,730 | ---- | C] (Linksys Group, Inc.)
-- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012.07.26 19:37:04 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012.07.26 19:37:02 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012.07.26 19:36:59 | 000,016,256 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012.07.26 19:36:56 | 000,026,506 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012.07.26 19:36:54 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012.07.26 19:36:11 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012.07.26 19:35:43 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012.07.26 19:34:28 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012.07.26 19:34:20 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012.07.26 19:33:58 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012.07.26 19:33:56 | 000,082,560 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012.07.26 19:33:54 | 000,017,792 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012.07.26 19:33:42 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012.07.26 19:33:34 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012.07.26 19:33:32 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012.07.26 19:33:28 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012.07.26 19:33:27 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012.07.26 19:33:25 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012.07.26 19:33:24 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012.07.26 19:33:13 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012.07.26 19:33:10 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012.07.26 19:33:09 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012.07.26 19:32:00 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012.07.26 19:31:57 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012.07.26 19:31:50 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012.07.26 19:31:48 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012.07.26 19:31:47 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012.07.26 19:31:43 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012.07.26 19:31:42 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012.07.26 19:31:41 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012.07.26 19:31:39 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012.07.26 19:31:23 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012.07.26 19:31:22 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012.07.26 19:31:19 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012.07.26 19:31:01 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012.07.26 19:31:00 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.)
-- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012.07.26 19:30:59 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012.07.26 19:30:59 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012.07.26 19:30:58 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012.07.26 19:30:57 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012.07.26 19:30:56 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012.07.26 19:30:55 | 000,252,928 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012.07.26 19:30:49 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012.07.26 19:30:39 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012.07.26 19:30:33 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012.07.26 19:30:27 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012.07.26 19:30:27 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012.07.26 19:30:26 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012.07.26 19:30:26 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012.07.26 19:30:25 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012.07.26 19:30:23 | 000,715,210 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012.07.26 19:30:23 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012.07.26 19:30:23 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012.07.26 19:30:22 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012.07.26 19:30:21 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012.07.26 19:30:20 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012.07.26 19:29:51 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012.07.26 19:29:51 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012.07.26 19:29:51 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012.07.26 19:29:50 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012.07.26 19:29:50 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012.07.26 19:29:49 | 000,039,808 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012.07.26 19:29:49 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012.07.26 19:29:48 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012.07.26 19:29:47 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012.07.26 19:29:47 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012.07.26 19:29:46 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012.07.26 19:29:45 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012.07.26 19:29:45 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012.07.26 19:29:45 | 000,003,968 | ---- | C] (Brother Industries, Ltd.)
-- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012.07.26 19:29:44 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012.07.26 19:29:44 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012.07.26 19:29:43 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012.07.26 19:29:43 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012.07.26 19:29:40 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012.07.26 19:29:38 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012.07.26 19:29:37 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012.07.26 19:29:37 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012.07.26 19:29:36 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012.07.26 19:29:36 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012.07.26 19:29:36 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012.07.26 19:29:35 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012.07.26 19:29:04 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012.07.26 19:29:01 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012.07.26 19:28:49 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012.07.26 19:28:48 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012.07.26 19:28:48 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012.07.26 19:28:47 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012.07.26 19:28:47 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012.07.26 19:28:46 | 000,061,952 | ---- | C] (Farb-Flachbett-Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012.07.26 19:28:43 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012.07.26 19:28:43 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012.07.26 19:28:41 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012.07.26 19:28:41 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012.07.26 19:28:40 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012.07.26 19:19:03 | 000,138,592 | ---- | C] (StorageCraft) -- C:\WINDOWS\System32\drivers\symsnap.sys
[2012.07.26 19:18:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Ghost
[2012.07.26 19:18:56 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\vproeventmonitor.sys
[2012.07.26 16:13:13 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.26 15:38:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2012.07.26 15:37:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2012.07.25 22:03:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.25 18:22:54 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.29 07:25:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E668057B-472F-4D7B-B2E1-57E0E78A8C25}.job
[2012.07.29 07:22:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.07.29 07:17:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.07.28 19:48:48 | 000,094,165 | ---- | M] () -- C:\Zweite Abmahnung für 56410969799.7z
[2012.07.28 19:48:23 | 000,110,592 | ---- | M] () -- C:\Zweite Abmahnung für 56410969799.msg
[2012.07.28 19:34:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.28 19:30:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.07.28 19:08:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012.07.27 19:43:22 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 18:47:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.27 18:47:32 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 18:47:14 | 2106,466,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 19:09:45 | 000,002,754 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2012.07.26 16:32:57 | 000,001,492 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Rechner.lnk
[2012.07.26 15:41:23 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.23 23:37:26 | 000,004,096 | ---- | M] () -- C:\VSNAP.IDX
[2012.07.10 22:17:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.29 16:35:00 | 004,485,154 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Frau Berger
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.29 07:17:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.07.28 19:48:48 | 000,094,165 | ---- | C] () -- C:\Zweite Abmahnung für 56410969799.7z
[2012.07.28 19:48:23 | 000,110,592 | ---- | C] ()
-- C:\Zweite Abmahnung für 56410969799.msg
[2012.07.28 19:08:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012.07.27 19:43:22 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 19:50:24 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012.07.26 19:50:21 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012.07.26 19:42:19 | 000,086,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012.07.26 19:41:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012.07.26 19:41:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012.07.26 19:41:26 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012.07.26 19:40:15 | 000,044,105 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012.07.26 19:38:13 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012.07.26 19:36:49 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012.07.26 19:35:55 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.07.26 19:35:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012.07.26 19:35:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012.07.26 19:35:09 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012.07.26 19:34:26 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012.07.26 19:34:22 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012.07.26 19:34:19 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012.07.26 19:34:15 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012.07.26 19:34:11 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012.07.26 19:33:59 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012.07.26 19:31:46 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012.07.26 19:31:45 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012.07.26 19:31:44 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012.07.26 19:31:41 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012.07.26 19:30:33 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.07.26 19:29:27 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012.07.26 19:29:26 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012.07.26 19:29:25 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012.07.26 19:29:24 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012.07.26 19:29:23 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012.07.26 19:29:23 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012.07.26 19:29:22 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012.07.26 19:29:22 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012.07.26 19:29:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012.07.26 19:29:13 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012.07.26 19:09:45 | 000,002,754 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2012.02.20 17:09:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.24 15:38:52 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2011.10.29 17:19:05 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2011.10.29 17:17:01 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2010.11.15 22:43:24 | 000,111,932 | ---- | C] () --
C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.11.15 22:43:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.11.15 22:43:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.11.15 22:43:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.11.15 22:43:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.11.15 22:43:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.11.15 22:43:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.11.15 22:43:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.11.15 22:43:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.11.15 22:43:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.11.15 22:43:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.11.15 22:43:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.11.15 22:43:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.11.15 22:43:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.11.15 22:43:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.11.15 22:43:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.11.15 22:43:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.11.15 22:43:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.11.15 22:43:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.10.16 21:25:51 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.04.28 12:48:10 | 000,000,675 | ---- | C] () -- C:\Dokumente und Einstellungen\***\reader.ini
[2009.04.11 20:12:40 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.10 10:31:51 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== LOP Check ==========

[2012.02.11 22:19:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.06.01 11:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2011.01.16 20:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2011.10.27 18:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012.07.25 14:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WAHLKONZEPT_P
[2011.10.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2010.05.04 06:17:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.07.25 14:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011.06.03 18:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Anthropics
[2012.07.25 14:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DocumentsToGoDesktop
[2011.06.03 19:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IN-MEDIAKG
[2011.06.03 19:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mresreg
[2009.06.24 14:44:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Toshiba
[2010.05.09 17:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2010.12.09 18:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2012.07.28 19:30:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012.07.29 07:25:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E668057B-472F-4D7B-B2E1-57E0E78A8C25}.job

========== Purity Check ==========

< End of report >
---------------
Code:
OTL Extras logfile created on: 29.07.2012 07:23:07 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,96 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 64,27% Memory free
3,81 Gb Paging File | 3,14 Gb Available in Paging File | 82,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 158,17 Gb Free Space | 67,92% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Office\Office12\OUTLOOK.EXE" = C:\Programme\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPMON.exe" = C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPMON.exe:*:Enabled:ncpmon.exe -- (NCP engineering GmbH)
"C:\Programme\LANCOM\LANconfig\lanconf.exe" = C:\Programme\LANCOM\LANconfig\lanconf.exe:*:Enabled:LANconfig -- (LANCOM Systems GmbH, Würselen (Germany))
"C:\Programme\Citrix\Secure Access Client\nsload.exe" = C:\Programme\Citrix\Secure Access Client\nsload.exe:*:Enabled:Citrix AGEE Client -- (Citrix Systems, Inc)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41241757-781F-41E3-A2E7-BD8B37E355CA}" = WAHLKONZEPT (P)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A345E562-C6F1-4F6B-9F91-FB18A007F321}" = Citrix Access Gateway Plugin "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9 "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "7-Zip" = 7-Zip 9.28 alpha "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "DTGDesktop" = Documents To Go Desktop for iPhone "EC2000 A4" = EC2000 A4 "FotoWorks XL_is1" = FotoWorks XL "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows 
Internet Explorer 8 "LANconfig" = LANconfig "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "N360" = Norton 360 Premier Edition "NCP RWS/GA" = LANCOM Advanced VPN Client "PortraitProfessional9Trial_is1" = Portrait Professional 9.8 Test "PROHYBRIDR" = 2007 Microsoft Office system "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.3 "Wdf01000" = Microsoft Kernel-Mode Driver Framework 1.0 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.07.2012 13:08:30 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4b8e6cf9, P4 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow, P10 NIL. Error - 25.07.2012 13:08:57 | Computer Name = *** | Source = Norton Ghost | ID = 1000 Description = Error - 25.07.2012 13:09:00 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4b8e6cf9, P4 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow, P10 NIL. 
Error - 26.07.2012 05:12:10 | Computer Name = *** | Source = Norton Ghost | ID = 1000 Description = Error - 26.07.2012 05:12:29 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4b8e6cf9, P4 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow, P10 NIL. Error - 26.07.2012 05:17:38 | Computer Name = *** | Source = MsiInstaller | ID = 11719 Description = Produkt: Microsoft Office Excel MUI (German) 2007 -- Fehler 1719. Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn Windows im abgesicherten Modus ausgeführt wird oder wenn der Windows Installer nicht korrekt installiert wurde. Setzen Sie sich mit dem Supportpersonal in Verbindung, um weitere Unterstützung zu erhalten. Error - 26.07.2012 13:26:49 | Computer Name = *** | Source = Norton Ghost | ID = 1000 Description = Error - 26.07.2012 13:56:35 | Computer Name = *** | Source = Norton Ghost | ID = 1000 Description = Error - 26.07.2012 13:57:02 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4ac5720c, P4 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow, P10 NIL. Error - 29.07.2012 01:02:45 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung rwsrsu.exe, Version 3.0.2.0, fehlgeschlagenes Modul rwsrsu.exe, Version 3.0.2.0, Fehleradresse 0x000425dc. [ OSession Events ] Error - 13.06.2010 10:35:40 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 28.08.2011 02:04:23 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1070 seconds with 960 seconds of active time. This session ended with a crash. Error - 28.08.2011 02:05:58 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash. Error - 11.12.2011 16:09:31 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 194 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 25.07.2012 08:58:34 | Computer Name = *** | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 25.07.2012 08:58:57 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows Search. 
Error - 25.07.2012 08:58:57 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 25.07.2012 08:58:57 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 25.07.2012 09:08:19 | Computer Name = *** | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "C:" aus. Error - 26.07.2012 06:06:38 | Computer Name = *** | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.130 für die Netzwerkkarte mit der Netzwerkadresse 001F16035597 wurde durch den DHCP-Server 192.168.0.10 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 26.07.2012 09:26:58 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 27.07.2012 12:48:05 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 29.07.2012 01:02:46 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "rwsrsu" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 29.07.2012 01:23:36 | Computer Name = *** | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NAS1", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7D74EC76-2933-4666-9F60-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. < End of report > --------------- Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-29 08:42:04 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 Running: gmer.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\kwliqpow.sys ---- System - GMER 1.0.15 ---- SSDT 88E81B70 ZwAlertResumeThread SSDT 88E841A8 ZwAlertThread SSDT 88FFF4B8 ZwAllocateVirtualMemory SSDT 88E790B0 ZwAssignProcessToJobObject SSDT 84E23118 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9968F710] SSDT 8887EE28 ZwCreateMutant SSDT 89649350 ZwCreateSymbolicLinkObject SSDT 892D8FB0 ZwCreateThread SSDT 88EEE240 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9968F990] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9968FEF0] SSDT 892F4850 ZwDuplicateObject SSDT 88852C90 ZwFreeVirtualMemory SSDT 88F050C0 ZwImpersonateAnonymousToken SSDT 88EBD350 ZwImpersonateThread SSDT 88F4B0C0 ZwLoadDriver SSDT 88849B88 ZwMapViewOfSection SSDT 88F450C0 ZwOpenEvent SSDT 8940C078 ZwOpenProcess SSDT 88867220 ZwOpenProcessToken SSDT 88F1FB30 ZwOpenSection SSDT 84E28168 ZwOpenThread SSDT 89451360 ZwProtectVirtualMemory SSDT 88EA11D8 ZwResumeThread SSDT 89076110 ZwSetContextThread SSDT 888B9E28 ZwSetInformationProcess SSDT 88ED7488 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x99690140] SSDT 88EAB0C0 ZwSuspendProcess SSDT 88EE41A8 ZwSuspendThread SSDT 88866638 ZwTerminateProcess SSDT 890761A8 ZwTerminateThread SSDT 88934240 ZwUnmapViewOfSection SSDT 88F56280 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C0C 805044C4 8 Bytes [70, 1B, E8, 88, A8, 41, E8, ...] 
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 8 Bytes JMP EE41A888 ? SYMDS.SYS Das System kann die angegebene Datei nicht finden. ! ? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[2052] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 03290048 .text C:\Programme\Internet Explorer\iexplore.exe[2388] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 0329012A .text C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 03290676 .text C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 032903D0 .text C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 03290594 .text C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!CreateRemoteThread + 206 7C8106D2 7 Bytes JMP 032902EE .text C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 03290758 .text C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 032904B2 .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] 
USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2388] ole32.dll!CreateBindCtx + B5F 774CF15F 7 Bytes JMP 0329091C .text C:\Programme\Internet Explorer\iexplore.exe[2388] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet 
Explorer\iexplore.exe[2388] ole32.dll!CoImpersonateClient + 51 774E5200 7 Bytes JMP 0329083A .text C:\Programme\Internet Explorer\iexplore.exe[2388] ole32.dll!OleLoadFromStream 774F983B 5 Bytes JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - 
GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- EOF - GMER 1.0.15 ----
30.07.2012, 13:15 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected infection with encryption trojan

Quote:
Decryption is unlikely to impossible!

Quote:
If Vista or Win7 is in use, try ShadowExplorer! But don't waste unnecessary time on decryption attempts. And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html
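The ShadowExplorer advice above works because Vista/Win7 keep persistent Volume Shadow Copy snapshots of the system drive, and files in a snapshot taken before the infection are still unencrypted. As an added example (not part of the original post), the same recovery can be done with built-in Windows tools from an elevated PowerShell prompt. The mount path C:\ShadowMount, the profile folder Users\jdoe\Documents and the destination D:\Recovered\Documents are placeholders. Note that the OTL header above reports Windows XP Professional SP3, which does not keep the persistent shadow copies that ShadowExplorer reads, so this only helps if the machine really runs Vista/Win7 as the thread title says.

```powershell
# Added example, not part of the original post. Run from an elevated PowerShell prompt on Vista/Win7.
# Lists the persistent Volume Shadow Copies of C:, exposes the chosen one through a directory
# symlink and copies a folder out of it without touching the live (encrypted) files.
$driveLetter = 'C:'
$mount       = 'C:\ShadowMount'            # assumed mount point; any unused path works
$profileDir  = 'Users\jdoe\Documents'      # placeholder: the folder you want back
$target      = 'D:\Recovered\Documents'    # placeholder: destination on another disk

# Win32_ShadowCopy.VolumeName is the volume GUID path; match it against Win32_Volume.DeviceID.
$vol     = Get-WmiObject Win32_Volume | Where-Object { $_.DriveLetter -eq $driveLetter }
$shadows = @(Get-WmiObject Win32_ShadowCopy | Where-Object { $_.VolumeName -eq $vol.DeviceID } |
             Sort-Object { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) })

if ($shadows.Count -eq 0) {
    Write-Warning "No shadow copies exist for $driveLetter - nothing to recover this way."
    return
}

# Show what is available so you can pick a snapshot taken before the encryption.
foreach ($s in $shadows) {
    '{0}  {1}' -f [Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate), $s.DeviceObject
}
$chosen = $shadows[-1]   # newest; pick an earlier index if the newest already holds encrypted files

# DeviceObject is \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN; mklink needs the trailing backslash.
cmd /c mklink /d $mount "$($chosen.DeviceObject)\"

# Copy out of the snapshot; /R:0 /W:0 so unreadable files do not stall the run.
robocopy (Join-Path $mount $profileDir) $target /E /R:0 /W:0

# Remove only the link; the snapshot itself stays untouched.
cmd /c rmdir $mount
```

Copy to a different disk rather than back onto C:, and check a few recovered documents open cleanly before deleting anything: if the newest snapshot was taken after the trojan ran, its files are already encrypted and an older snapshot (lower index in the list) has to be used instead.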